<%@page import="org.apache.commons.lang3.StringEscapeUtils"%>
<%@ include file="/WEB-INF/views/framework/global.jsp" %>
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%
	String error = request.getParameter("error");
	if(error!=null){
		error = error.substring(0,1);
	}
	//凭借html转码无法完全阻止xss，因为变量被直接使用在js中   
	//error = StringEscapeUtils.escapeHtml4(error);
%>
<html class="ovh">
	<head>
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1.0">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<title>登录</title>
		<!--[if lt IE 9]>
			<script src="http://cdn.bootcss.com/html5shiv/3.7.0/html5shiv.min.js"></script>
			<script src="http://cdn.bootcss.com/respond.js/1.3.0/respond.min.js"></script>
		<![endif]-->
		<link type="text/css" rel="stylesheet" href="${theme_path}/login.css">
	</head>
	<body class="kk ovh">
		<header class="login_header">
			<div class="login_header_bar"><h1 class="fw l"><fmt:message key="app.name" /></h1> <i class="l">|</i> <h2 class="fw l">登录</h2></div>
		</header>
		<form id="login_form" action="${path}/authenticate" method="post" >
		<div class="login_content">
			<ul class="fix login_content_ul">
				<li class="l rel">
					<br>
					<img src="${image_path}/login/logo.jpg" width="90%">
				</li>
				<li class="l">
					<div class="login_outer_box rel">
						<div class="login_inner_box abs">
							<h3 class="fw login_lalah1"><span style="padding-left:20px;">请输入用户名和密码</span></h3>

							
							<h4 class="error_tip fw pl20" id="error_tip">用户名或密码错误</h4>
							<h4 class="error_tip fw pl20" id="error_custom">${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</h4>
							<input class="form-control input-lg input username" placeholder="用户名"  name="j_username" id="j_username">
							<br>
							<input class="form-control input-lg input password" placeholder="密码" id="j_password"  name="j_password" type="password">
							<br>
							<button type="submit" id="submit" class="btn btn-primary btn-lg input fw" style="margin-left:20px;"><b>登 录</b></button>
							<div class="mt20"><a href="<c:url value='/regist'/>" class="f16 fw pl20">学生注册</a></div>
						</div>
					</div>
				</li>
			</ul>
		</div>
		</form>
		
		<script type="text/javascript">
		var message = '${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}';
		var error = '<%=error%>',
			errorTip = $('#error_tip'),
			errorCustom = $('#error_custom');
		if (error === '1') {
			if(message==""){//非自定义错误
				errorTip.css('display', 'block');
			}
			else{
				errorCustom.css('display', 'block');
				errorTip.css('display', 'none');
			}
		} else {
			errorTip.css('display', 'none');
			errorCustom.css('display', 'none');
		}
		$('#submit').click(function () {
			$('#login_form').submit();
		});
		//alert(document.cookie);
	</script>
	</body>
</html>

